AMENDMENTS TO THE CLAIMS 

The following listing of claims will replace all prior versions and listings of claims 
in the application. 

Listing Of Claims 
1.-19. (Canceled) 

20. (Currently Amended) In a mobile platform, a security system for 
monitoring an onboard communication system communicating with a terrestrial-based 
system over an intermittent link, the security system comprising: 

an onboard network accessible to a plurality of users onboard the mobile 
platform : 

an intrusion detection system onboard the mobile platform and connected to the 
onboard network; and 

an onboard security management system responsive to the intrusion detection 
system adapted to i nitiat e that initiates an action to stop anjntrusion bv one of the users 
onboard the mobile platform based on a set of policies, and such that the action is 
directed to one or more selected user access points; 

said onboard security management system further adapted to update updates 
said set of policies during the time that the intermittent link has connection; 

a status indicator to indicate a status of the onboard network. 
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21. (Previously Presented) The security system as recited in claim 20, 
wherein initiating the action to stop intrusion comprises sending a warning message to 
the user. 

22. (Previously Presented) The security system as recited in claim 20, 
wherein initiating the action to stop intrusion comprises disconnecting the user's access 
to the onboard network. 

23. (Previously Presented) The security system as recited in claim 20, 
wherein the onboard security management system further operates to provide an alert 
message to the terrestrial-based system when an intrusion event is detected. 

24. (Previously Presented) The security system as recited in claim 20, 
wherein the onboard security management system further operates to install a network 
traffic blocking filter on one of a plurality of user access points of the onboard network. 

25. (Previously Presented) The security system as recited in claim 20, 
wherein the action to stop intrusion is directed to a specific one of a plurality of user 
access points of the onboard network. 

26. (Presently Presented) The security system recited in claim 20, wherein 
said status indicator provides a status of a current operational state of each one of a 
plurality of network user access points of the onboard network. 



Serial No. 09/992,310 



Page 3 of 15 



27. (Previously Presented) The security system recited in claim 26, wherein 
the indicator indicates one of: 

a normal operational state; 

a suspect operational state wherein an intrusion event is suspected; and 
a disconnect state in which access by a user of a specific access point on the 
onboard network is prevented. 

28. (Currently Amended) In a mobile platform, a security system for 
monitoring an onboard communication system communicating with a terrestrial-based 
system over an intermittent link, the security system comprising: 

an onboard network accessible to a plurality of users onboard the mobile 
platform ; 

an intrusion detection system onboard the mobile platform and connected to the 
onboard network for detecting if a potential intrusion event has occurred bv one of the 
plurality of users onboard the mobile platform : and 

an onboard security management system responsive to the intrusion detection 
system for initiating an action to address the potential intrusion event, based on a set of 
security policies; 

wherein: 

the action can b e jsdirected to at least a selected one of a plurality of user 
access points on the onboard network; 
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if an update to the set of policies is necessary, the policies are updated 
during the time that the intermittent link has connection with the terrestrial-based 
system; and 

the onboard security manager maintains an indicator of a current 
operational state of each one of the plurality of network user access points of the 
onboard network, wherein the indicator indicates whether at least one of the following 
conditions is present: 

a normal state of operational for the onboard network; 
a suspect operational state wherein an intrusion event is 
suspected; and 

a disconnect state in which access by a user of a specific 
one of the user access points is being prevented. 

29. (Canceled) 

30. (Previously Presented) The security system as recited in claim 28, 
wherein the onboard security manager notifies the terrestrial-based system when the 
potential intrusion event is detected. 

31. (Previously Presented) The security system as recited in claim 28, 
wherein the action comprises preventing access to the onboard network from a selected 
one or more of the user access points from the onboard network. 



Serial No. 09/992,310 



Page 5 of 15 



32-33. (Canceled) 



34. (Currently Amended) In a mobile platform, a security system for 
monitoring an onboard communication system communicating with a terrestrial-based 
system over an intermittent link, the security system comprising: 

an onboard network accessible to a plurality of users onboard the mobile 
platform ; 

an intrusion detection system onboard the mobile platform for monitoring the 
onboard network for detecting if a potential intrusion event has occurred bv one of the 
plurality of users onboard the mobile platform ; and 

an onboard security management system responsive to the intrusion detection 
system for initiating an action to address the potential intrusion event, based on a set of 
security policies, the action able to be directed to at least a selected one of a plurality of 
user access points on the onboard networ k, and the onboard security management 
system receives updates to said security policies from the terrestrial-based system 
while said intermittent link is operational : 

wherein the action includes one of: 

notifying a particular user on the onboard network that a suspected 
intrusion event has occurred; or 

blocking access by the particular user to the onboard network; 

the security system further boing adapt e d to provid e provides a status indication 
as to a status of the onboard network. 
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35. (Canceled) 



36. (Previously Presented) The security system recited in claim 34, wherein 
the onboard security management system notifies the terrestrial-based system that a 
potential intrusion event has occurred. 

37. (Previously Presented) The security system recited in claim 34, where the 
action taken by the onboard security management system further includes installing a 
network traffic blocking filter on said user access point on which a potential intrusion 
event has occurred. 

38. (Currently Amended) A method for monitoring an onboard network on a 
mobile platform, in which the onboard network is in intermittent communication with a 
terrestrial-based system, the method comprising: 

providing a plurality of network access points to users on the mobile platform; 

monitoring the onboard network to detect fef an intrusion even t made by at least 
one of the users on the mobile platform : 

using a security management system onboard the mobile platform, and 
responsive to notification of an intrusion event, to initiate a security action to address the 
intrusion event, in accordance with a set of security policies, where the security action 
can be directed to one or more selected access points on the network; and 
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indicating an operational status of the networ k, and updating the security policies 
while the onboard network is in communication with the terrestrial-based system over 
an intermittent link . 

39. (Canceled) 
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